This is an automated email from the ASF dual-hosted git repository.
papegaaij pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/wicket.git.
from 5fc33a5 Updated eclipse settings to reflect minimum java level of 11.
(#441)
add e61a083 Added Fetch Metadata checks to CsrfPrevention
add cfde11b WICKET-6786: Initial implementation of Fetch Metadata and
integration with CsrfPreventionRequestCycleListener
add 0827a19 Make the current resource isolation policy configurable on
CSRF request cycle listener. Sort static imports.
add c4a03da Make constructors of CsrfPreventionRequestCycleListener
visible to subclasses. This is required by the
WebSocketAwareCsrfPreventionRequestCycleListener
add d6fc569 Fixed the change to checkRequest method signature to preserve
API
add 584257d WICKET-6786: Adds new Fetch Metadata request listener. Makes
the legacy CsrfPreventionRequestCycleListener be a ResourceIsolationPolicy that
can be used in combination with the DefaultResourceIsolationPolicy to add
support for legacy browsers that don't send Sec-Fetch headers yet.
add 61f4b93 WICKET-6786: Minor refactor of
FetchMetadataRequestCycleListener.
add e9c471e WICKET-6786: Create OriginBasedResourceIsolationPolicy to
support legacy browsers that don't send Sec-Fetch-* headers and add it as a
default Resource Isolation Policy to the Fetch Metadata listener.
add 1e2acdb WICKET-6786: Fix logging statements.
new 5d9d4b5 WICKET-6786: code reformatting
new c51372b WICKET-6786: reintroduced the configuration options from
CsrfPreventionRequestCycleListener
new d01d6a2 Merge branch 'wicket-6786'
new bef3fac WICKET-6786: Fix license header and add some comments
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../http/CsrfPreventionRequestCycleListener.java | 240 ++----------
.../http/DefaultResourceIsolationPolicy.java | 80 ++++
.../http/FetchMetadataRequestCycleListener.java | 415 +++++++++++++++++++++
.../http/OriginBasedResourceIsolationPolicy.java | 283 ++++++++++++++
.../protocol/http/ResourceIsolationOutcome.java | 12 +-
.../protocol/http/ResourceIsolationPolicy.java | 56 +++
.../CsrfPreventionRequestCycleListenerTest.java | 69 +++-
.../FetchMetadataRequestCycleListenerTest.java | 200 ++++++++++
8 files changed, 1122 insertions(+), 233 deletions(-)
create mode 100644
wicket-core/src/main/java/org/apache/wicket/protocol/http/DefaultResourceIsolationPolicy.java
create mode 100644
wicket-core/src/main/java/org/apache/wicket/protocol/http/FetchMetadataRequestCycleListener.java
create mode 100644
wicket-core/src/main/java/org/apache/wicket/protocol/http/OriginBasedResourceIsolationPolicy.java
copy wicket-cdi/src/main/java/org/apache/wicket/cdi/DetachEvent.java =>
wicket-core/src/main/java/org/apache/wicket/protocol/http/ResourceIsolationOutcome.java
(74%)
create mode 100644
wicket-core/src/main/java/org/apache/wicket/protocol/http/ResourceIsolationPolicy.java
create mode 100644
wicket-core/src/test/java/org/apache/wicket/protocol/http/FetchMetadataRequestCycleListenerTest.java
